Fedora Linux Support Community & Resources Center
  #1  
Old 20th November 2009, 10:10 PM
Peter_O Offline
Registered User
 
Join Date: Nov 2009
Posts: 38
linuxfedorafirefox
XAMPP conflicts with SELinux

Hi Folks

Can anyone offer any insight or advice to getting XAMPP running successfully alongside SELinux? Fedora 12 Beta.

Situation is this.. If I disable SELinux, XAMPP runs fine. If I enable SELinux, I get the following errors:

/
# /opt/lampp/lampp start

opt/lampp/lampp startStarting XAMPP for Linux 1.7.2...
/opt/lampp/bin/php: error while loading shared libraries: libexslt.so.0: cannot enable executable stack as shared object requires: Permission denied
XAMPP: Starting Apache with SSL ...
/opt/lampp/bin/httpd: error while loading shared libraries: libexpat.so.0: cannot enable executable stack as shared object requires: Permission denied
XAMPP: Error 127! Couldn't start Apache!
XAMPP: Starting diagnose...
XAMPP: Sorry, I've no idea what's going wrong.
XAMPP: Please contact our forum http://www.apachefriends.org/f/

XAMPP: Starting MySQL...
/opt/lampp/bin/my_print_defaults: error while loading shared libraries: libz.so.1: cannot enable executable stack as shared object requires: Permission denied
/opt/lampp/bin/my_print_defaults: error while loading shared libraries: libz.so.1: cannot enable executable stack as shared object requires: Permission denied
XAMPP: Couldn't start MySQL!
XAMPP: Starting ProFTPD...
XAMPP: /opt/lampp/sbin/proftpd: error while loading shared libraries: libcrypto.so.0.9.8: cannot enable executable stack as shared object requires: Permission denied
XAMPP: Error 127! Couln't start ProFTPD!
XAMPP for Linux started.


I have tried following the instructions here:

http://www.vectorns.com/blog/19-runn...elinux-enabled

N.B. You need to change some of the date dependent directories to execute the commands. The above errors however are after applying the suggested changes.

Input as ever is appreciated.

Cheers
Peter
__________________
Running Fedora 12 - (Constantine) - Kernel Linux 2.6.31.5-122.fc12.i686.PAE - Gnome 2.28.0
Reply With Quote
  #2  
Old 23rd November 2009, 11:17 AM
Peter_O Offline
Registered User
 
Join Date: Nov 2009
Posts: 38
linuxfedorafirefox
Are there any other online sources that it may be worth posting this query to? Finding my way with Linux and I'd rather not just disable SELinux if there is a way I can make XAMPP and SELinux co-exist. Perhaps the answer is to find out how to achieve what XAMPP does by installing and configuring correctly the individual components?

Cheers
Peter
__________________
Running Fedora 12 - (Constantine) - Kernel Linux 2.6.31.5-122.fc12.i686.PAE - Gnome 2.28.0
Reply With Quote
  #3  
Old 23rd November 2009, 11:27 AM
pete_1967 Online
Clueless in a Cuckooland
 
Join Date: Mar 2006
Location: Here now, elsewhere tomorrow.
Posts: 4,339
windows_xp_2003ie
Install SELinux monitor (SELinux troubleshooter tool), it'll tell you the reason it blocks access and how to change the context of files if you want it to allow action. (You find same info from SELinux logs if you prefer hands-on method.) In other words: you need to analyse SELinux logs for reasons why it blocks something.

On the other hand, I've never understood why anyone wants to use XAMPP on a Linux box in the first place. Install Apache, MySQL, php and php-mysql (and any other bits and bobs you fancy) from repos and you're done, additional benefit is that they get updated through Yum for security and versions.
__________________
A Drink is Not Just For Christmas - SaskyCom :thumb:


“Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime” so now go and...
RTFM FIRST: http://docs.fedoraproject.org/ & http://rute.2038bug.com/index.html.gz
Reply With Quote
  #4  
Old 23rd November 2009, 11:42 AM
forkbomb Offline
Registered User
 
Join Date: May 2007
Location: U.S.
Posts: 4,851
windows_7firefox
Quote:
Originally Posted by pete_1967 View Post
On the other hand, I've never understood why anyone wants to use XAMPP on a Linux box in the first place.
It's still a quick, easy, and clean way to deploy a LAMP implementation quickly, and it installs to its own directory that it never leaves. The central web management GUI is handy, too. Of course, it's not recommended for production environments, but XAMPP is worth its weight in gold to developers.
__________________
- Tom
"What is freedom? To have the will to be responsible for one's self." - Stirner
Reply With Quote
  #5  
Old 23rd November 2009, 02:03 PM
bepaald Offline
Registered User
 
Join Date: Nov 2004
Posts: 124
linuxfedorafirefox
Apparently the xampp libraries were compiled with the executable stack enabled (that's usually not necessary and a bad idea, you should complain about that). Starting with F12, the default SELinux policy denies the executable stack to be enabled. This is your problem (and also causes a lot of trouble for people installing the nvidia graphics drivers or matlab).

A simple solution is to run (with root permissions):
Code:
setsebool -P allow_execstack on
Note: this enables the executable stack for ALL libs, which might not be the cleanest solution, but was the situation in F11 and earlier.

bepaald
__________________
Running F20 x86_64 with KDE
Intel Core i7-4771 @ 3.5GHz
8G RAM
Reply With Quote
  #6  
Old 23rd November 2009, 06:44 PM
pete_1967 Online
Clueless in a Cuckooland
 
Join Date: Mar 2006
Location: Here now, elsewhere tomorrow.
Posts: 4,339
linuxfedorafirefox
Quote:
Originally Posted by tjvanwyk View Post
Of course, it's not recommended for production environments, but XAMPP is worth its weight in gold to developers.
In what way? You'll just be developing on different setup to production environment meaning that you can't guarantee your code is working on prod box. If you can't replicate prod setup on your work station or afford to have development box, then run dev box in a virtual machine but never develop and test code in one setup and assume it to work in another.
__________________
A Drink is Not Just For Christmas - SaskyCom :thumb:


“Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime” so now go and...
RTFM FIRST: http://docs.fedoraproject.org/ & http://rute.2038bug.com/index.html.gz
Reply With Quote
  #7  
Old 24th November 2009, 07:23 AM
Peter_O Offline
Registered User
 
Join Date: Nov 2009
Posts: 38
linuxfedorafirefox
Hi Folks

Thanks for the various replies. My situation is that I just need a "simple" web server to act as a test bed for some PC developed web content, I was having issues getting Apache set up. XAMPP appeared to be an expedient solution. XAMPP works a treat by the way, aside from the SELinux conflicts.

Anyways, I decided to have another crack at installing Apache and can report that it's now happily running as a local Intranet (which is all I need it to do) and can serve pages to my networked Windows based PC's.

Previously I could never get the Apache service to start - it was always in a permanent state of being started without ever actually starting. Brute force un-install and re-install via System > Administration > Add/Remove Software fixed whatever the issue was. I had followed the excellent instructions in Firewing1's thread - Every Server Setup Imaginable - and either not followed the instructions carefully enough (likely given I'm new to this) or there are subtle differences in Fedora 12 and Add/Remove Software does a better job of installation than doing it via a manual install (possible I guess).

Right... now need to get vsftp configured so my PC clients can upload content... Doubtless I'll be back. Thank you again for your help and advice on this occasion.

Cheers
Peter
__________________
Running Fedora 12 - (Constantine) - Kernel Linux 2.6.31.5-122.fc12.i686.PAE - Gnome 2.28.0
Reply With Quote
  #8  
Old 24th November 2009, 04:36 PM
dragonbite Offline
Registered User
 
Join Date: May 2006
Location: Northeast USA
Age: 43
Posts: 1,260
windows_xp_2003opera
This is good timing. I was just thinking of installing Xampp on my laptop so I can do development locally and then easily turn it all off when I am not developing. Didn't even think SELinux could cause problems.

Previously I was thinking of setting up a VM image of a LAMP stack, but this I think will be easier.

Do you know if Drupal runs OK on Xampp?
__________________
Linux provides freedom, the problem is most users don't know what it is or how to use it.
My Blog | Danbury Area Computer Society Board Member | Linux User# : 477531
p.s. Anybody who sees I am incorrect in technical procedures, etc., please feel free to correct me. I'm just figuring this out as I go along. :D
Reply With Quote
  #9  
Old 24th November 2009, 05:24 PM
Peter_O Offline
Registered User
 
Join Date: Nov 2009
Posts: 38
windows_xp_2003ie
Quote:
Originally Posted by dragonbite View Post
This is good timing. I was just thinking of installing Xampp on my laptop ....... Do you know if Drupal runs OK on Xampp?
I've started typing, so I'll finish...... I' running WAMP and FileZillla server quite successfully on my Vista laptop.Just realised you are probably running Linux on your Laptop so WAMP is no use to you... Sorry.

As I'd wanted to take a look at a modern Linux for a while now. Having got it running setting up a web server, PHP and MySQL just kind of seemed the next logical thing to do. Of course, given my learning curve with Linux/Fedora (I'm died in the wool Netware 3.11 and Windows everything) setting up some of this stuff up is never as straightforward as you might ideally like. This despite having spent some time as sys-admin on a few Unix boxes (AIX, SunOS amd HP-UX). XAMPP therefore seemed an easy solution and aside from the SELinux issues was a doddle to set up. However, I've now got my Apache server working as an Intranet only and just struggling with file permissions on vsftpd, otherwise I've achieved it the "proper" Linux way.

Good luck with yours - whichever route you take.

Cheers
Peter
__________________
Running Fedora 12 - (Constantine) - Kernel Linux 2.6.31.5-122.fc12.i686.PAE - Gnome 2.28.0
Reply With Quote
  #10  
Old 1st December 2009, 05:52 PM
dragonbite Offline
Registered User
 
Join Date: May 2006
Location: Northeast USA
Age: 43
Posts: 1,260
windows_xp_2003opera
Quote:
Originally Posted by bepaald View Post
Apparently the xampp libraries were compiled with the executable stack enabled (that's usually not necessary and a bad idea, you should complain about that). Starting with F12, the default SELinux policy denies the executable stack to be enabled. This is your problem (and also causes a lot of trouble for people installing the nvidia graphics drivers or matlab).

A simple solution is to run (with root permissions):
Code:
setsebool -P allow_execstack on
Note: this enables the executable stack for ALL libs, which might not be the cleanest solution, but was the situation in F11 and earlier.

bepaald
How do you turn the allow off again? setsebool -P allow_execstatck off didn't seem to work for me. Unless it changes the flag back but doesn't take effect until next boot-up?
__________________
Linux provides freedom, the problem is most users don't know what it is or how to use it.
My Blog | Danbury Area Computer Society Board Member | Linux User# : 477531
p.s. Anybody who sees I am incorrect in technical procedures, etc., please feel free to correct me. I'm just figuring this out as I go along. :D
Reply With Quote
  #11  
Old 12th March 2010, 03:58 PM
cmujica Offline
Registered User
 
Join Date: Mar 2010
Posts: 1
linuxsafari
Re: XAMPP conflicts with SELinux

i have a solution...
i read the message from SELinux and he say: command to correct
Code:
$chcon -t execmem_exec_t '/opt/lampp/bin/php-5.3.1'
and the same with "mysql" and "httpd"
the problem is solved
---------------------------------------------------------------------------------------------
encontre una solucion
en SELinux aparece una linea que dice: comando para corregir
Code:
$chcon -t execmem_exec_t '/opt/lampp/bin/httpd'
por ejemplo el codigo anterior... luego pide hacer lo mismo para php y mysql, luego
correr de nuevo con $/opt/lampp/lampp start
y me corrio todo, espero les sirva
saludos
Reply With Quote
  #12  
Old 8th October 2010, 07:25 AM
nikhilmkumar Offline
Registered User
 
Join Date: Sep 2010
Location: Kottayam Kerala India
Posts: 28
windows_xp_2003chrome
Talking Re: XAMPP conflicts with SELinux

Let me try.

Anyways thanks for your post dude
Reply With Quote
  #13  
Old 20th January 2011, 03:20 AM
jbanger Offline
Registered User
 
Join Date: Jan 2011
Posts: 1
linuxfedorafirefox
Re: XAMPP conflicts with SELinux

This has been very helpful. Thank you. I also ran into a similar problem after running the chcon commands.

I'm running XAMPP 1.7.3a on Fedora 14 with XFCE

XAMPP wasn't starting MySQL and left an uninformative message:

"XAMPP: Couldn't start MySQL!"

After digging around the /opt/lampp/lampp script, I found that '/opt/lampp/bin/mysql.server' also needed access to executable memory (That is what chcon -t execmem_exec_t does, right?)

the command is
chcon -t execmem_exec_t '/opt/lampp/bin/mysql.server'

------------

Also note that selinux prevents the '/opt/lampp/lampp security' script from altering '/opt/lampp/etc/proftpd.conf'

This prevents the password from being saved in the configuration file although it is changed for proFTPD. I resolved this by manually placing my new password in the file at line 39.

EDIT: later, I realized that the security script can be run much more easily with 'setsebool -P allow_execstack on' as suggested above.

Last edited by jbanger; 20th January 2011 at 03:48 AM.
Reply With Quote
  #14  
Old 13th June 2011, 11:19 AM
dragonbite Offline
Registered User
 
Join Date: May 2006
Location: Northeast USA
Age: 43
Posts: 1,260
linuxfedorafirefox
Re: XAMPP conflicts with SELinux

I just installed Xampp on a fresh Fedora 14 (KDE) installation and got this to work. I haven't rebooted to see if I have to make this run each time yet.

Actually, the solution was given to me. When I tried to start Xampp through the usual
Code:
/opt/lampp/lampp start
it gave me the errors mentioned in the first post. Then the icon for SELinux troubleshooter came up and for further details I got
Code:
SELinux is preventing /opt/lampp/bin/php-5.3.5 from using the execstack access on a process.

*****  Plugin allow_execstack (53.1 confidence) suggests  ********************

If you believe that 
None
should not require execstack
Then you should clear the execstack flag and see if /opt/lampp/bin/php-5.3.5 works correctly.
Report this as a bug on None.
You can clear the exestack flag by executing:
Do
execstack -c None

*****  Plugin catchall_boolean (42.6 confidence) suggests  *******************

If you want to allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
Then you must tell SELinux about this by enabling the 'allow_execstack' boolean.
Do
setsebool -P allow_execstack 1

*****  Plugin catchall (5.76 confidence) suggests  ***************************

If you believe that php-5.3.5 should be allowed execstack access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep php /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                Unknown [ process ]
Source                        php
Source Path                   /opt/lampp/bin/php-5.3.5
Port                          <Unknown>
Host                          kobold.kingdom
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.7-40.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     kobold.kingdom
Platform                      Linux kobold.kingdom 2.6.35.13-92.fc14.i686 #1 SMP
                              Sat May 21 17:39:42 UTC 2011 i686 i686
Alert Count                   14
First Seen                    Sat 11 Jun 2011 11:23:04 PM EDT
Last Seen                     Mon 13 Jun 2011 05:58:14 AM EDT
Local ID                      f90c4e04-3c84-4c63-92e7-61eab554a320

Raw Audit Messages
type=AVC msg=audit(1307959094.553:25): avc:  denied  { execstack } for  pid=2351 comm="proftpd" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process


type=SYSCALL msg=audit(1307959094.553:25): arch=i386 syscall=mprotect success=no exit=EACCES a0=bfa8c000 a1=1000 a2=1000007 a3=bfa8c4f8 items=0 ppid=2341 pid=2351 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm=proftpd exe=/opt/lampp/sbin/proftpd subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: php,unconfined_t,unconfined_t,process,execstack

audit2allow

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'allow_execstack'

allow unconfined_t self:process execstack;

audit2allow -R

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'allow_execstack'

allow unconfined_t self:process execstack;
So I pulled out of there and ran
Code:
semodule -i mypol.pp
And it works! I can't say I fully understand what all is going on here, or how vulnerable it leaves me either but this is a development only machine.
__________________
Linux provides freedom, the problem is most users don't know what it is or how to use it.
My Blog | Danbury Area Computer Society Board Member | Linux User# : 477531
p.s. Anybody who sees I am incorrect in technical procedures, etc., please feel free to correct me. I'm just figuring this out as I go along. :D
Reply With Quote
Reply

Tags
conflicts, selinux, xampp

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Xampp Raskula Using Fedora 5 6th December 2008 10:54 PM
Xampp telepatico Servers & Networking 0 4th November 2007 02:37 AM
xampp k0rfain Servers & Networking 0 18th July 2007 01:43 AM
Fc2 + Xampp nmsdesign EOL (End Of Life) Versions 0 12th December 2005 05:29 PM
yum conflicts and SELinux LinuxHippy Using Fedora 9 5th September 2005 06:28 PM


Current GMT-time: 12:41 (Saturday, 01-11-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Bismarck Instagram Photos - Lupon Travel Photos on Instagram - Alton Instagram Photos